This repository was archived by the owner on Nov 15, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
/
Copy pathstatefulset.yaml
139 lines (138 loc) · 4.57 KB
/
statefulset.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/
# https://cloud.google.com/kubernetes-engine/docs/concepts/statefulset
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ .Values.app }}
spec:
selector:
matchLabels:
app: {{ .Values.GitlabEnvSlug | default .Values.app }}
serviceName: {{ .Values.app }}
replicas: {{ .Values.nodes.replicas }}
updateStrategy:
type: RollingUpdate
podManagementPolicy: Parallel
template:
metadata:
labels:
app: {{ .Values.GitlabEnvSlug | default .Values.app }}
spec:
{{- if .Values.rbac.enable }}
serviceAccountName: {{ .Values.rbac.name }}
{{- else }}
serviceAccountName: default
{{- end }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node
operator: In
values:
- substrate
{{- if .Values.listen_node_port }}
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- {{ .Values.app }}
topologyKey: "kubernetes.io/hostname"
{{- end }}
terminationGracePeriodSeconds: 300
{{- if .Values.validator.keys }}
volumes:
- name: {{ .Values.app }}-validator-secrets
secret:
secretName: {{ .Values.app }}-secrets
initContainers:
- name: prepare-secrets
image: busybox
command: [ "/bin/sh" ]
args:
- -c
- sed -n -r "s/^${POD_NAME}-key ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/key;
sed -n -r "s/^${POD_NAME}-node-key ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/node-key;
sed -n -r "s/^${POD_NAME}-name ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/name;
test -s {{ .Values.image.basepath }}/name || echo "${POD_NAME}" > {{ .Values.image.basepath }}/name
env:
# from (workaround for hostname)
# https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: {{ .Values.app }}-validator-secrets
readOnly: true
mountPath: "/etc/validator"
- name: {{ .Values.app }}dir
mountPath: {{ .Values.image.basepath }}
{{- end }}
containers:
- name: {{ .Values.app }}
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
{{- if .Values.resources }}
resources:
requests:
memory: {{ .Values.resources.memory }}
cpu: {{ .Values.resources.cpu }}
{{- end }}
ports:
- containerPort: 30333
name: p2p
- containerPort: 9933
name: http-rpc
- containerPort: 9944
name: websocket-rpc
command: ["/bin/sh"]
args:
- -c
- exec /usr/local/bin/substrate
--base-path {{ .Values.image.basepath }}
{{- if .Values.validator.keys }}
--validator
--name $(cat {{ .Values.image.basepath }}/name)
--key $(cat {{ .Values.image.basepath }}/key)
--node-key $(cat {{ .Values.image.basepath }}/node-key)
{{- else }}
--name $(POD_NAME)
{{- end }}
{{- range .Values.nodes.args }} {{ . }} {{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: {{ .Values.app }}dir
mountPath: {{ .Values.image.basepath }}
readinessProbe:
httpGet:
path: /health
port: http-rpc
initialDelaySeconds: 10
periodSeconds: 10
livenessProbe:
httpGet:
path: /health
port: http-rpc
initialDelaySeconds: 10
periodSeconds: 10
securityContext:
runAsUser: 1000
fsGroup: 1000
volumeClaimTemplates:
- metadata:
name: {{ .Values.app }}dir
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: ssd
resources:
requests:
storage: 32Gi